Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
4
Helpful
3
Replies

convert production cisco router into IOS based firewall

Go to solution
Hiral Tewar
Level 1
Level 1

‎01-26-2015 04:37 AM - edited ‎03-07-2019 10:23 PM

Hi,

I am planning to convert our production router into IOS based firewall.

  • Please advice about DOs & DON'Ts.
  • What will happen to running configuration of Router?
    • Will it be still valid?

Thank you for your time and guidence !

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andre Neethling
Level 4
Level 4

‎01-26-2015 05:11 AM

Nothing will happen to your normal routing configs. Memory and CPU utilization may increase as you add services.

Will your router be attached directly to the internet, or behind another device?

Will you be using IOS Zone Based Firewall? If so, remember the "self" zone (the router itself). By default everything is allowed to and from the "self" zone. I would recommend a self zone policy from the start.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Andre Neethling
Level 4
Level 4

‎01-26-2015 05:11 AM

Nothing will happen to your normal routing configs. Memory and CPU utilization may increase as you add services.

Will your router be attached directly to the internet, or behind another device?

Will you be using IOS Zone Based Firewall? If so, remember the "self" zone (the router itself). By default everything is allowed to and from the "self" zone. I would recommend a self zone policy from the start.

0 Helpful

Go to solution
Hiral Tewar
Level 1
Level 1
In response to Andre Neethling

‎01-27-2015 12:59 AM

Thank you for your reply.

 

Router is attached directly to internet. I am thinking of using Zone based fw. Thank you for headsup on self zone.

During my brief research, i come acorss many blogs which suggest to use router for routing only. Whats your openion?

0 Helpful

Go to solution
Andre Neethling
Level 4
Level 4
In response to Hiral Tewar

‎01-27-2015 01:15 AM

I am using my router directly attached to the internet for Routing, IPSEC RA VPN, SSL RA VPN, Zone Based Firewall. It's important when enabling these extra features on the router, to make sure that your router has enough Memory and CPU. If you are using this for a production environment, make sure you know what you current performance and hardware resource utilization is. If you add too many features, your user experience could be affected.

I only have a few devices in my home office network, and I am using a 1841 router with additional memory (128MB+128MB). My CPU and Memory never go above 40%. What router do you have? How many Clients do you have? These are questions you must ask yourself. Do some baseline assessments on the CPU/Memory/Internet performance.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card